* nftables: no table for ipv6
@ 2014-07-28 15:49 Thomas Witt
2014-07-28 16:08 ` Álvaro Neira Ayuso
2014-07-28 22:08 ` Pablo Neira Ayuso
0 siblings, 2 replies; 4+ messages in thread
From: Thomas Witt @ 2014-07-28 15:49 UTC (permalink / raw)
To: netfilter
Hi, I am trying to configure nftables on a new server.
I can add tables for ip4:
# nft add table ip filter
but not for ip6 or inet:
# nft add table ip6 filter6
# nft add table inet filterboth
# nft list tables
table filter
So, a table gets added for ipv4, but not for v6. What do I need to do in
order for nft to support ip6? And why does nft returns 0 instead of an
error?
Versions:
nftables-0.3
libmnl-1.0.3
libnftnl-1.0.2
I tried kernels 3.15.6 and 3.16-rc7 with the following .config:
#
# Core Netfilter Configuration
#
CONFIG_NETFILTER_NETLINK=y
# CONFIG_NETFILTER_NETLINK_ACCT is not set
# CONFIG_NETFILTER_NETLINK_QUEUE is not set
# CONFIG_NETFILTER_NETLINK_LOG is not set
# CONFIG_NF_CONNTRACK is not set
CONFIG_NF_TABLES=y
CONFIG_NF_TABLES_INET=y
CONFIG_NFT_EXTHDR=y
CONFIG_NFT_META=y
CONFIG_NFT_RBTREE=y
CONFIG_NFT_HASH=y
CONFIG_NFT_COUNTER=y
CONFIG_NFT_LOG=y
CONFIG_NFT_LIMIT=y
CONFIG_NFT_REJECT=y
CONFIG_NFT_REJECT_INET=y
# CONFIG_NETFILTER_XTABLES is not set
CONFIG_IP_SET=y
CONFIG_IP_SET_MAX=256
CONFIG_IP_SET_BITMAP_IP=y
# CONFIG_IP_SET_BITMAP_IPMAC is not set
# CONFIG_IP_SET_BITMAP_PORT is not set
CONFIG_IP_SET_HASH_IP=y
# CONFIG_IP_SET_HASH_IPMARK is not set
# CONFIG_IP_SET_HASH_IPPORT is not set
# CONFIG_IP_SET_HASH_IPPORTIP is not set
# CONFIG_IP_SET_HASH_IPPORTNET is not set
# CONFIG_IP_SET_HASH_NETPORTNET is not set
# CONFIG_IP_SET_HASH_NET is not set
# CONFIG_IP_SET_HASH_NETNET is not set
# CONFIG_IP_SET_HASH_NETPORT is not set
# CONFIG_IP_SET_HASH_NETIFACE is not set
# CONFIG_IP_SET_LIST_SET is not set
# CONFIG_IP_VS is not set
#
# IP: Netfilter Configuration
#
# CONFIG_NF_DEFRAG_IPV4 is not set
CONFIG_NF_TABLES_IPV4=y
CONFIG_NFT_CHAIN_ROUTE_IPV4=y
CONFIG_NFT_REJECT_IPV4=y
# CONFIG_NF_TABLES_ARP is not set
# CONFIG_IP_NF_IPTABLES is not set
# CONFIG_IP_NF_ARPTABLES is not set
#
# IPv6: Netfilter Configuration
#
# CONFIG_NF_DEFRAG_IPV6 is not set
CONFIG_NF_TABLES_IPV6=y
CONFIG_NFT_CHAIN_ROUTE_IPV6=y
CONFIG_NFT_REJECT_IPV6=y
# CONFIG_IP6_NF_IPTABLES is not set
# CONFIG_NF_TABLES_BRIDGE is not set
# CONFIG_IP_DCCP is not set
# CONFIG_IP_SCTP is not set
# CONFIG_RDS is not set
# CONFIG_TIPC is not set
# CONFIG_ATM is not set
# CONFIG_L2TP is not set
# CONFIG_BRIDGE is not set
CONFIG_HAVE_NET_DSA=y
# CONFIG_VLAN_8021Q is not set
# CONFIG_DECNET is not set
# CONFIG_LLC2 is not set
# CONFIG_IPX is not set
# CONFIG_ATALK is not set
# CONFIG_X25 is not set
# CONFIG_LAPB is not set
# CONFIG_PHONET is not set
# CONFIG_IEEE802154 is not set
CONFIG_NET_SCHED=y
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: nftables: no table for ipv6
2014-07-28 15:49 nftables: no table for ipv6 Thomas Witt
@ 2014-07-28 16:08 ` Álvaro Neira Ayuso
2014-07-28 16:28 ` Thomas Witt
2014-07-28 22:08 ` Pablo Neira Ayuso
1 sibling, 1 reply; 4+ messages in thread
From: Álvaro Neira Ayuso @ 2014-07-28 16:08 UTC (permalink / raw)
To: Thomas Witt, netfilter
Hello Thomas
El 28/07/14 17:49, Thomas Witt escribió:
> Hi, I am trying to configure nftables on a new server.
>
> I can add tables for ip4:
>
> # nft add table ip filter
>
> but not for ip6 or inet:
>
> # nft add table ip6 filter6
> # nft add table inet filterboth
> # nft list tables
If you write nft list tables, you will see only the tables of ipv4. Try
with nft list tables ip6 for ipv6 or nft list tables inet for inet.
Try with that and tell me the result.
I hope that I have helped you.
> table filter
>
> So, a table gets added for ipv4, but not for v6. What do I need to do in
> order for nft to support ip6? And why does nft returns 0 instead of an
> error?
>
> Versions:
> nftables-0.3
> libmnl-1.0.3
> libnftnl-1.0.2
Regards
Alvaro
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: nftables: no table for ipv6
2014-07-28 16:08 ` Álvaro Neira Ayuso
@ 2014-07-28 16:28 ` Thomas Witt
0 siblings, 0 replies; 4+ messages in thread
From: Thomas Witt @ 2014-07-28 16:28 UTC (permalink / raw)
To: netfilter
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain; charset="windows-1252", Size: 315 bytes --]
On 28/07/14 18:08, Álvaro Neira Ayuso wrote:
> If you write nft list tables, you will see only the tables of ipv4. Try
> with nft list tables ip6 for ipv6 or nft list tables inet for inet.
>
> Try with that and tell me the result.
>
> I hope that I have helped you.
That indeed helped me, thank you.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: nftables: no table for ipv6
2014-07-28 15:49 nftables: no table for ipv6 Thomas Witt
2014-07-28 16:08 ` Álvaro Neira Ayuso
@ 2014-07-28 22:08 ` Pablo Neira Ayuso
1 sibling, 0 replies; 4+ messages in thread
From: Pablo Neira Ayuso @ 2014-07-28 22:08 UTC (permalink / raw)
To: Thomas Witt; +Cc: netfilter
On Mon, Jul 28, 2014 at 05:49:26PM +0200, Thomas Witt wrote:
> Hi, I am trying to configure nftables on a new server.
>
> I can add tables for ip4:
>
> # nft add table ip filter
>
> but not for ip6 or inet:
>
> # nft add table ip6 filter6
> # nft add table inet filterboth
> # nft list tables
> table filter
nft list ip6 tables
nft list inet tables
You have to specify the family. I'll including this in the wiki page
to clarify this.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2014-07-28 22:08 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-07-28 15:49 nftables: no table for ipv6 Thomas Witt
2014-07-28 16:08 ` Álvaro Neira Ayuso
2014-07-28 16:28 ` Thomas Witt
2014-07-28 22:08 ` Pablo Neira Ayuso
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.